Java on Mac proof of concept exploit released

“This link will execute code on your system with your current user permissions,” Mr. Fuller published both a Web page that will exploit the vulnerability, and instructions for others to do the same. “CVE-2008-5353 allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions of the executing user. This may result in untrusted Java applets executing arbitrary code merely by visiting a web page hosting the applet. The issue is trivially exploitable.”

Apple has yet to fix the Java security exploit on Mac OS X.

“Unfortunately, it seems that many Mac OS X security issues are ignored [by Apple] if the severity of the issue is not adequately demonstrated,” he wrote. “Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release a my own proof of concept to demonstrate the issue.”